File Permissions Help

[_Bat_]

This could go under web development or *nix, so I chose *nix.

Can anyone give me a rough overview as to how linux file permissions work? I tried searching the net but there is nothing basically explaining the security risks of file permissions on the internet.

Most of the files on my joomla installation are by default set to 644. Most folders (and a few files) are set to 755 by default. Yet there are upload folders (for uploading files from the joomla frontend) set to 777. Is this dangerous? Do they need to be set up 777?

I've had a website hacked before due to dodgy permissions and I am determined it will not happen again.

Cheers

[Geoff]

Wikipedia to the rescue.

http://en.wikipedia.org/wiki/File_sy...ix_permissions

[_Bat_]

Okay... so basically anything with world write permissions is dangerous? I don't really understand that. Even if a file/folder has world write permissions, how would someone actually edit said file/folder without any passwords? I've seen it done before, but how do they do it? Is there a flaw in the coding which allows them to do it?

[Geoff]

They would have to break in via a network facing service of some description. This, for example, could be brute forcing username/password combinations on your SSH server or exploiting a badly written PHP site.